US-9317276

Updating software

Published: April 19, 2016
Assignee: not available in USPTO data we have
Inventors: not available in USPTO data we have
Technical Abstract

This invention relates to updating an operating system in a hypervisor comprising: determining a new version of a component of the operating system; installing the new component version; measuring an identifying characteristic of the component and making it available to an attestation system; notifying the attestation system that a component has been updated to a new version whereby, when the attestation system finds that the identifying characteristic of the new component does not match a pre-stored attestation value it is aware that a legitimate mis-match could have occurred. The installing of the new version of the component comprises: identifying an updater associated with new version of the component; measuring an identifying characteristic of the identified updater; loading and installing the new version of the component; and making both the identifying measurement of the updater and the new version of the component available to the attestation system.

Patent Claims
16 claims

Legal claims defining the scope of protection, as filed with the USPTO.

1. A method for updating code in an executing environment comprising: identifying an updater associated with new chain-of-trust code; measuring an identifying characteristic of the identified updater and making the identifying measurement of the updater available to an attestation system; installing the new chain-of-trust code into the executing environment; measuring an identifying characteristic of the new chain-of-trust code and making it available to the attestation system; notifying the attestation system that the chain-of-trust code has been updated to a new version; attesting, by the attestation system, the identifying characteristic of the new chain-of-trust code against a pre-stored attestation value; and in response to the attestation system matching the identifying characteristic of the new chain-of-trust code against a pre-stored attestation value of the new chain-of-trust code or matching the identifying characteristic of the updater against a pre-stored attestation value of the updater, validating the integrity of the updated code in the executing environment; and in response to the attestation system not matching the identifying characteristic of the new chain-of-trust code against the pre-stored attestation value of the new chain-of-trust code and not matching the identifying characteristic of the updater against the pre-stored attestation value of the updater, invalidating the integrity of the updated chain-of-trust code in the executing environment by indicating a fail indication.

2. The method of claim 1 wherein the identifying characteristics are stored in a secure memory only accessible by the storing method and the attestation system.

3. The method of claim 1 wherein the executing environment is a hypervisor and the chain-of-trust code is virtual operating system for execution in a virtual machine on the hypervisor.

4. The method of claim 1 wherein the secure memory comprises registers located in a trusted platform module.

5. The method of claim 1 further comprising determining that new chain-of-trust code is available and that an update is required before performing the acts of claim 1.

6. The method of claim 1 wherein the attestation system, directly after the notification, checks the origin of the new chain-of-trust code.

7. The method as claimed in claim 6 wherein if measurement does not match an attestation value and the attesting system has checked the origin of the corresponding chain-of-trust code then: updating the attestation value with measurement of the new version of the component; and notifying an administration level that a measurement does not match the attestation value and whether the attesting system recognises the origin of the component.

8. A system for updating code in a executing environment comprising: an attestation system; identifying means configured to identify an updater associated with new chain-of-trust code; measuring means configured to measure an identifying characteristic of the identified updater and making means configured to make the identifying measurement of the updater available to the attestation system; installation means configured to install the new chain-of-trust code into the executing environment; measuring means for measuring an identifying characteristic of the new code and making it available to the attestation system, the measuring means further configured to measure an identifying characteristic of the new chain-of-trust code and making it available to the attestation system; notifying means for notifying the attestation system that chain-of-trust code has been updated to a new version; attesting means configured to attest, by the attestation system, the identifying characteristic of the new chain-of-trust code against a pre-stored attestation value; validating means configured to validate the integrity of the updated chain-of-trust code in the executing environment in response to the attestation means matching the identifying characteristic of the new chain-of-trust code against a pre-stored attestation value of the new chain-of-trust code or matching the identifying characteristic of the updater against a pre-stored attestation value of the updater; and invalidating means configured to invalidate the integrity of the updated chain-of-trust code in the executing environment by indicating a fail indication, in response to the attestation means not matching the identifying characteristic of the new chain-of-trust code against a pre-stored attestation value of the new chain-of-trust code and not matching the identifying characteristic of the updater against a pre-stored attestation value of the updater.

9. The system of claim 8 wherein the identifying characteristics are stored in a secure memory only accessible by the storing method and the attestation system.

10. The system of claim 8 wherein the executing environment is a hypervisor and the chain-of-trust code is virtual operating system for execution in a virtual machine on the hypervisor.

11. The system of claim 8 wherein the secure memory comprises registers located in a trusted platform module.

12. The system of claim 8 further comprising determining that new chain-of-trust code is available and that an update is required before performing claim 8.

13. The system of claim 8 wherein the attestation system, directly after the notification, checks the origin of the new chain-of-trust code.

14. The system as claimed in claim 13 configured to: responsive to the attestation system not matching the identifying characteristic of the new chain-of-trust code against the pre-stored attestation value of the new chain-of-trust code and the attestation system having checked the origin of the new chain-of-trust code, means for performing one or more of: update the attestation value of the new code; and/or notify an administration level that a measurement does not match an attestation value and whether the attesting system recognises the origin of the component.

15. A system for ensuring an integrity of chain-of-trust code in an executing environment, comprising: a memory having a set of computer readable computer instructions, and a processor for executing the set of computer readable instructions, the set of computer readable instructions including: identifying an updater associated with new chain-of-trust code; measuring an identifying characteristic of the identified updater and making the identifying measurement of the updater available to an attestation system; installing the new chain-of-trust code into the executing environment; measuring an identifying characteristic of the new chain-of-trust code and making it available to the attestation system; notifying the attestation system that the chain-of-trust code has been updated to a new version; attesting, by the attestation system, the identifying characteristic of the new chain-of-trust code against a pre-stored attestation value; and in response to the attestation system matching the identifying characteristic of the new chain-of-trust code against a pre-stored attestation value of the new chain-of-trust code or matching the identifying characteristic of the updater against a pre-stored attestation value of the updater, validating the integrity of the updated code in the executing environment; and in response to the attestation system not matching the identifying characteristic of the new chain-of-trust code against the pre-stored attestation value of the new chain-of-trust code and not matching the identifying characteristic of the updater against the pre-stored attestation value of the updater, invalidating the integrity of the updated chain-of-trust code in the executing environment by indicating a fail indication.

16. The system of claim 15, wherein the executing environment is a hypervisor and the chain-of-trust code is virtual operating system for execution in a virtual machine on the hypervisor.
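The update-and-attest flow of claim 1, sketched as an added example (not code from the patent or from Patentable). It assumes the "identifying characteristic" is a SHA-256 digest and that measurements are accumulated with a TPM-style extend; the log replay check, the class and function names, and the sample byte strings are all constructed for illustration.

```python
import hashlib
import hmac

def measure(blob: bytes) -> bytes:
    # "Identifying characteristic": assumed here to be a SHA-256 digest.
    return hashlib.sha256(blob).digest()

def extend(register: bytes, measurement: bytes) -> bytes:
    # TPM-style extend: new = H(old || measurement); append-only, order-sensitive.
    return hashlib.sha256(register + measurement).digest()

class AttestationSystem:
    def __init__(self, code_values, updater_values):
        self.code_values = set(code_values)        # pre-stored attestation values
        self.updater_values = set(updater_values)
        self.update_notified = False               # set when the platform reports an update

    def notify_update(self):
        self.update_notified = True

    def attest(self, log, register):
        # Added check (assumption): the log must replay to the reported register.
        replayed = bytes(32)
        for _, m in log:
            replayed = extend(replayed, m)
        if not hmac.compare_digest(replayed, register):
            return "fail"
        seen = dict(log)
        code_ok = seen.get("code") in self.code_values
        updater_ok = seen.get("updater") in self.updater_values
        # Claim 1: valid if either value matches, fail only if neither does.
        return "valid" if (code_ok or updater_ok) else "fail"

def apply_update(updater: bytes, new_code: bytes, attestor: AttestationSystem):
    # Platform side: measure the updater, then the new code, then notify.
    log, register = [], bytes(32)
    for name, blob in (("updater", updater), ("code", new_code)):
        m = measure(blob)
        log.append((name, m))
        register = extend(register, m)
    attestor.notify_update()
    return log, register

def forged_log_verdict(attestor: AttestationSystem, known_good: bytes) -> str:
    # An unknown updater installs unknown code, then the log entry is rewritten
    # to claim a known-good code value; the register no longer replays.
    log, register = apply_update(b"unknown-updater", b"unknown-code", attestor)
    log[1] = ("code", measure(known_good))
    return attestor.attest(log, register)
```

Because a matching updater alone validates the update, the updater's pre-stored attestation value carries the same trust as the code's own value and needs the same protection.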

Patent Metadata

Filing Date: January 10, 2012

Publication Date: April 19, 2016
